WordPress 2.1.1 Users – Important Update

If you’re a WordPress user and are using version 2.1.1, it is crucial that you upgrade to the latest version (2.1.2) – particularly if you upgraded in the last 3-4 days. The reason is that a hacker compromised that version and added/changed code.

Comments

I hate to hijack a post, but I have to ask on a blog that has ‘knowledgeable’ users.

What is the suggested and most commonly used time frame for the maximum visit length? You know, the amount of time that has elapsed since a visitor last visited a page on your website, before that visitor is then considered unique again.

I would have thought 24 hrs, but I’ve read suggestions that it should be around 6 hrs. What do you think? I’m wanting my ‘stats’ to be accurate.

P.S. I don’t mind if you delete this Darren, just as long as you send me an email with the answer. ;-)

It compromises only 2.1.1. The article states that a hacker modified the download directly on wordpress.org in the last few days. Slightly older versions of 2.1.1 might not be affected, but it’s probably still a good idea to upgrade anyway. 2.1 and below do not have this problem. (Yay for being too lazy to upgrade!)

In short, to be safe, if you have 2.1.1, upgrade or you could be in for a very nasty surprise.

One thing everyone running a WordPress blog should do is subscribe to the WordPress development blog RSS feed. That way, you get rapid notification of problems such as this, and you can reduce the time window during which your site is vulnerable. The feed is here:

Trackbacks

[…] On the off chance that you haven’t heard the news yet. You should upgrade your WordPress install straight away. Don’t hesitate, do it now. Don’t pause to grab a cup of coffee. If you’re just waking up then rub the sleep from your eyes and jump to the download page and grab WordPress 2.1.2. […]

[…] 03 March, 2007 Having just upgraded my WordPress installation because of a security flaw discovered last week, I’ve got WordPress on the brain. And, while I’m still relatively new to the platform, I thought it would be fun to share with you the WordPress plugins I’ve found useful so far. […]

[…] Sure, most of you must have already upgraded, if not, and you haven’t heard the news yet. You should upgrade your WordPress 2.1.1 install right away. Don’t delay further, just download WordPress 2.1.2, and head over to upgradation. Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately. […]

[…] Last week I read from Problogger.net that there’s a severe security issue with the WordPress 2.1.1 installation. A hacker had altered the WP source code, so it was important to make this upgrade. Thanks to the WP crew, there’s a really good guide for upgrading to WP 2.1.2. I thought about writing the instructions here, but the guide is so good and rich in detail, so there was no sense writing it all over again. But I wanted to share my thoughts on this upgrade and also add info about the tools that helped me. First, the time wasted on this upgrade must be massive. It took me 30-45 min to make the upgrade in addition to reading the upgrade guide, so in total it took roughly 1 hour. Now think about those millions of WP users that had to make this 1 hour effort… MILLIONS OF HOURS just because one individual had to show off his black hat skills. I hope you break your hand or something equally painful… I thank you for teaching me patience. […]

[…] If you’re a WordPress user and are using version 2.1.1, it is crucial that you upgrade to the latest version (2.1.2) – particularly if you upgraded in the last 3-4 days. The reason is that a hacker compromised that version and added/changed code. March 11, 2007 · WordPress […]

[…] It is amazing the things you miss online after being gone a few weeks. 3 weeks in cyber world is like 3 months in real life. I missed the whole WordPress 2.1.1 hacking scare. Good thing I was only running 2.0.5. […]